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I. STATEMENT OF THE CASE 
Appellants appeal from the Examiner's final rejection of claims 1, 3- 
7, 11, 12, 16, 17, 19, 20, 22-26, 28, 30, 31, 35, 36, 38, 39, 41-45, 47, 49, 50, 
54, 55, 57-62, 64, and 67-73 under 35 U.S.C. § 134 (2002). We have 
jurisdiction under 35 U.S.C. § 6(b)(2002). An Oral Hearing regarding this 
appeal was conducted on March 18, 2009. 

A. INVENTION 
According to Appellants, the invention relates to securing an 
accessible computer system (Spec. 1, 1. 13). 



B. ILLUSTRATIVE CLAIM 

Claim 1 is exemplary and is reproduced below: 

1. A method for securing an accessible computer system, the method 
comprising: 

receiving more than one data packet at a network device, each data 
packet including a payload portion and an attribute portion and being 
communicated between at least one access requestor and at least one access 
provider through the network device; 

monitoring, at the network device, at least the payload portion of the 
data packets directed from at least one of the access providers to at least one 
of the access requestors by scanning the payload portion for at least one 
predetermined pattern and counting a number of data packets having 
payload portions that include the predetermined pattern; and 
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using the network device to deny communication of subsequent data 
packets from the access requestor to the access provider when a number of 
payload portions of the data packets received from the access provider to the 
access requestor are deemed to include the predetermined pattern exceed a 
configurable threshold number. 



The prior art relied upon by the Examiner in rejecting the claims on 
appeal is: 



Claims 1, 3-7, 11, 12, 16, 17, 19, 20, 22-26, 28, 30, 31, 35, 36, 38, 39, 
41_45, 47, 49, 50, 54, 55, 57-62, 64, and 67-73 stand rejected under 35 
U.S.C. § 103(a) over the teachings of Cox in view of Eichstaedt, Maher, and 
Alcendor. 

We REVERSE. 



Have Appellants shown that the Examiner erred in finding that the 
combination of Cox in view of Eichstaedt, Maher, and Alcendor teaches or 
would have suggested the steps of "monitoring, at the network device, at 
least the payload portion of the data packets directed from at least one of the 
access providers to at least one of the access requestors" and "using the 
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network device to deny communication of subsequent data packets from the 
access requestor to the access provider" (Claim 1)? 

III. FINDINGS OF FACT 
The following Findings of Fact (FF) are shown by a preponderance of 
the evidence. 

Cox 

1. Cox discloses analyzing an incoming data packet from the public 
network, wherein the incoming data packet is matched against known 
patterns where the known patterns are associated with known forms of 
attack on the private network (col. 1, 11. 62-67). 

2. When a packet from attacker 16 reaches routing device 12, an attack 
blocking component will notice that the address matches one that 
exists within private network 12 and the attack blocking component 
can deny access to private network 12 (col. 2, 11. 8-15; Fig. 1) 

3. The routing device 10 can be enabled to intelligently analyze 
incoming packets, match the packets against known patterns for attack 
strategies and respond accordingly to malicious packets (col. 3, 11. 26- 
29; Fig. 1). 
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Alcendor 

4. Alcendor discloses controlling subscription services delivered to a 
user by an Internet Service Provider (ISP) coupled to an Automated 
Intelligent Network (AIN) telephone system (Abstract). 

IV. PRINCIPLES OF LAW 
35U.S.C. §103 

"[T]he PTO gives claims their 'broadest reasonable interpretation.'" 
In re Bigio, 381 F.3d 1320, 1324 (Fed. Cir. 2004) (quoting In re Hyatt, 211 
F.3d 1367, 1372 (Fed. Cir. 2000)). "Moreover, limitations are not to be read 
into the claims from the specification." In re Van Geuns, 988 F.2d 1181, 
1184 (Fed. Cir. 1993) (citing In re Zletz, 893 F.2d 319, 321 (Fed. Cir. 
1989)). Our reviewing court has repeatedly warned against confining the 
claims to specific embodiments described in the specification. Phillips v. 
AWH Corp., 415 F.3d 1303, 1323 (Fed. Cir. 2005) (en banc). 

One cannot show nonobviousness by attacking references individually 
where the rejections are based on combinations of references. In re Merck 
& Co., Inc., 800 F.2d 1091, 1097 (Fed. Cir. 1986). 

In rejecting claims under 35 U.S.C. § 103, it is incumbent upon the 
Examiner to establish a factual basis to support the legal conclusion of 
doing, the Examiner must make the factual determinations set forth in 
Graham v. John Deere Co., 383 U.S. 1, 17 (1966). "[T]he examiner bears 
the initial burden, on review of the prior art or on any other ground, of 
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presenting a prima facie case of unpatentability." In re Oetiker, 977 F.2d 
1443, 1445 (Fed. Cir. 1992). If the Examiner's burden is met, the burden 
then shifts to the Appellant to overcome the prima facie case with argument 
and/or evidence. Obviousness is then determined on the basis of the 
evidence as a whole and the relative persuasiveness of the arguments. See id. 

V. ANALYSIS 
35 U.S.C. § 103(a) 

Initially, Appellants argue that "Cox never monitors data packets from 
Access Provider Y" but instead "monitors solely data packets from the 
Access Requestor" (Supp. App. Br. 5). However, Cox does not disclose any 
such "Access Provider Y" or "Access Requestor" as argued by Appellants, 
which are merely terms disclosed in Appellants' Supplemental Appeal Brief 
and Reply Brief. We will not read "Access Provider Y" and "Access 
Requestor" or any such function attributed to the "Access Provider Y" and 
"Access Requestor" by Appellants as the teaching of Cox. 

We begin our analysis by giving the claims their broadest reasonable 
interpretation. See In re Bigio, 381 F.3d at 1324. Furthermore, our analysis 
will not read limitations into the claims from the Specification. See In re 
Van Geuns, 988 F.2d at 1184. It is the Appellants' burden to precisely 
define the invention. See In re Morris 127 F.3d 1048, 1056 (Fed. Cir. 1997). 
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Appellants' claims simply do not place any limitation on what the claimed 
term "access provider" is to be, to represent, or to mean, other than that data 
packets are directed from at least one of the access providers. 

As for the argument "Cox does not disclose any such 'Access 
Provider Y," Appellants appear to be arguing that Cox does not disclose 
"monitoring, at the network device, at least the payload portion of the data 
packets directed from at least one of the access providers to at least one of 
the access requestors" (claim 1). However, such label "access providers" is 
not functionally related to the claimed method. Such "access providers" 
feature does not change the functionality of or provide an additional function 
to the claimed method, but rather, is merely a label set forth for the source of 
the data packets. Such label will not distinguish the invention from the prior 
art in terms of patentability. 

Cox discloses a routing device for analyzing incoming data packets by 
matching the packets against known patterns where the known patterns are 
associated with known forms of attack on the private network (FF 1 and 3), 
wherein an attack blocking component can deny access to a private network 
based on the matching results (FF 2). We find an artisan would have 
understood the routing device of Cox to be a network device for receiving 
more than one data packet and monitoring the at least the payload portion of 
the data packets by scanning for at least one predetermined pattern, wherein 
the network device is used to deny communication of subsequent data 
packets, as recited in claim 1. Furthermore, as discussed above, the claimed 



7 



Appeal 2008-4795 
Application 09/894,918 



term "access providers" is merely a label set forth to define the source of the 
data packets, and we find that Cox discloses a source for the data packets. 

Alcendor discloses controlling subscription services delivered to a 
user by a provider (FF 4). We find an artisan would have understood the 
subscription services of Alcendor to be access providers, and also would 
have understood the controlling of subscription services of Alcendor to be 
monitoring data packets directed from at least one of the access providers to 
at least one of the access requestors, as recited in claim 1. 

Though Appellants argue that "Alcendor lacks the use of an 
intermediary network device" and that "Alcendor does not disclose anything 
that relates to data packets" (Supp. App. Br. 6), Appellants appear to be 
arguing that Alcendor alone fails to disclose or suggest the claim limitations. 
However, the Examiner has rejected the claims based on the combination of 
Cox in view of Eichstaedt, Maher, and Alcendor, and nonobviousness 
cannot be shown by attacking the references individually. See In re Merck, 
800 F.2d at 1097. As discussed above, Cox discloses a routing device, ie., 
an intermediary network device, for analyzing incoming data packets (FF 1 
and 3). 

Appellants also contend that "not any one of the four references, Cox, 
Eichstaedt, Maher and Alcendor, nor any possible combination of these 
references, discloses or suggests the feature of denying subsequent data 
packets from access requestors based on the results of monitoring the 
pavload portion of the data packets directed from access providers , as 
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claimed" (Supp. App. Br. 4). The Examiner finds that the claimed feature 
"is taught by Cox, Eichstaedt, Maher and Alcendor combined" (Ans. 13). In 
particular, the Examiner finds that Cox "discloses denying subsequent data 
packets from access requestors based on the result of monitoring the payload 
portion of the data packets . . . 'the routing device can implement methods of 
blocking denial of service attacks (id.). Accordingly, we address on 

this appeal whether the combination of Cox in view of Eichstaedt, Maher, 
and Alcendor teaches or would have suggested the steps of "monitoring, at 
the network device, at least the payload portion of the data packets directed 
from at least one of the access providers to at least one of the access 
requestors" and "using the network device to deny communication of 
subsequent data packets from the access requestor to the access provider" 
(claim 1). 

After reviewing the record on appeal, we agree with Appellants. 
While the combination of Cox in view of Eichstaedt, Maher, and Alcendor 
teaches and strongly suggests a network device for receiving more than one 
data packet and monitoring the at least the payload portion of the data 
packets by scanning for at least one predetermined pattern, wherein the 
network device is used to deny communication of subsequent data packets 
(FF 1-3), wherein the monitored data packets are directed from at least one 
of the access providers to at least one of the access requestors (FF 4), we 
agree with the Appellants that there is no denying of subsequent data packets 
from access requestors based on the results of monitoring the payload 
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portion of the data packets directed from access providers, as required by 
claim 1. That is, though such claimed terms "access requestors" and "access 
providers" are merely labels that will not distinguish the invention from the 
prior art in terms of patentability, the combined teachings do not disclose or 
suggest monitoring the payload portion of the data packets directed from a 
first source (access providers) to deny communication of subsequent data 
packets from a second separate source (access requestor), as required by 
claim 1 . As admitted by the Examiner, Cox discloses monitoring the 
services from the attacker (the first source) for "blocking denial of service 
attacks" from the attacker (the same first source) (Ans. 13). 

We also find that Eichstaedt and Maher do not cure the deficiencies of 
Cox and Alcendor. That is, we find the combination of Cox in view of 
Eichstaedt, Maher, and Alcendor does not teach or suggest the steps of 
"monitoring, at the network device, at least the payload portion of the data 
packets directed from at least one of the access providers to at least one of 
the access requestors" and "using the network device to deny 
communication of subsequent data packets from the access requestor to the 
access provider" (claim 1). Thus, we agree with Appellants that claim 1 
would not be obvious over Cox in view of Eichstaedt, Maher, and Alcendor. 

As such, we will reverse the rejection of representative claim 1 and 
claims 3-7, 11, 12, 16, 17, 19, 20, 22-26, 28, 30, 31, 35, 36, 38, 39, 41-45, 
47, 49, 50, 54, 55, 57-62, 64, and 67-73 standing therewith over Cox in view 
of Eichstaedt, Maher, and Alcendor. We thus conclude that Appellants have 
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shown that the Examiner erred in rejecting claims 1, 3-7, 11, 12, 16, 17, 19, 
20, 22-26, 28, 30, 31, 35, 36, 38, 39, 41-45, 47, 49, 50, 54, 55, 57-62, 64, 
and 67-73 under 35 U.S.C. § 103(a) for the reasons as set forth above. 

VI. CONCLUSIONS OF LAW 
Appellant has shown that the Examiner erred in finding claims 1, 3-7, 
11, 12, 16, 17, 19, 20, 22-26, 28, 30, 31, 35, 36, 38, 39, 41-45, 47, 49, 50, 
54, 55, 57-62, 64, and 67-73 unpatentable under 35 U.S.C. § 103(a) over the 
teachings of Cox in view of Eichstaedt, Maher, and Alcendor. 

VII. DECISION 
We have not sustained the Examiner's rejection with respect to any 
claim on appeal. Therefore, the Examiner's decision rejecting claim 1, 3-7, 
11, 12, 16, 17, 19, 20, 22-26, 28, 30, 31, 35, 36, 38, 39, 41-45, 47, 49, 50, 
54, 55, 57-62, 64, and 67-73 is reversed. 

REVERSED 
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